PT-2024-30557 · Apollo · Apollo
Lakeswang · Published 2024-08-20 · Updated 2024-08-26 · CVE-2024-43397
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Apollo versions prior to 2.3.0
Description
A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks, enabling them to modify a namespace without the necessary permissions.
Recommendations
For versions prior to 2.3.0, update to version 2.3.0 to address the issue.
As a temporary workaround, follow the recommended practices to prevent Apollo from being exposed to the internet.
Weakness Enumeration
Improper Access Control
Affected Products
Apollo